The release of 1.27.111 is inminent. I have the PKGBUILD ready in case alerque can't upload it.
I can confirm that:
- The systemd-resolved issues are fixed
- Printer preview is working fine (But I didn't test it on the previous version)
Search Criteria
Package Details: brave-bin 1:1.73.91-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/brave-bin.git (read-only, click to copy) |
|---|---|
| Package Base: | brave-bin |
| Description: | Web browser that blocks ads and trackers by default (binary release) |
| Upstream URL: | https://brave.com |
| Keywords: | brave browser |
| Licenses: | BSD, MPL2, custom:chromium |
| Conflicts: | brave |
| Provides: | brave, brave-browser |
| Submitter: | toropisco |
| Maintainer: | alerque (alosarjos) |
| Last Packager: | alosarjos |
| Votes: | 820 |
| Popularity: | 16.85 |
| First Submitted: | 2016-04-06 13:16 (UTC) |
| Last Updated: | 2024-11-20 18:19 (UTC) |
Dependencies (8)
- alsa-lib
- gtk3 (gtk3-no_deadkeys_underlineAUR, gtk3-classicAUR, gtk3-classic-xfceAUR, gtk3-patched-filechooser-icon-viewAUR)
- libxss
- nss (nss-hgAUR)
- ttf-font (neuropol-ttfAUR, ttf-win7-fontsAUR, ttf-ms-win8AUR, ttf-ms-win8-arabicAUR, ttf-ms-win8-hebrewAUR, ttf-ms-win8-seaAUR, ttf-ms-win8-indicAUR, ttf-ms-win8-japaneseAUR, ttf-ms-win8-koreanAUR, ttf-ms-win8-zh_cnAUR, ttf-ms-win8-zh_twAUR, ttf-ms-win8-thaiAUR, ttf-ms-win8-otherAUR, ttf-kidsAUR, ttf-liberation-sans-narrowAUR, ttf-cavafy-scriptAUR, ttf-ms-fontsAUR, ttf-dejavu-ibAUR, ttf-zeldaAUR, ttf-oxygenAUR, ttf-oxygen-gfAUR, ttf-share-gfAUR, ttf-gostAUR, otf-inconsolata-dzAUR, ttf-d2codingAUR, ttf-agaveAUR, ttf-caracteresAUR, ttf-cuprumAUR, ttf-autour-oneAUR, ttf-impallari-milongaAUR, ttf-impallari-miltonianAUR, ttf-clarity-cityAUR, ttf-ms-win10AUR, ttf-ms-win10-japaneseAUR, ttf-ms-win10-koreanAUR, ttf-ms-win10-seaAUR, ttf-ms-win10-thaiAUR, ttf-ms-win10-zh_cnAUR, ttf-ms-win10-zh_twAUR, ttf-ms-win10-otherAUR, ttf-win10AUR, ttf-ms-win10-cdnAUR, ttf-bmonoAUR, ttf-pt-astra-factAUR, ttf-weblysleekuiAUR, ttf-pt-astra-sansAUR, ttf-pt-astra-serifAUR, ttf-pt-sansAUR, ttf-pt-serifAUR, ttf-pt-monoAUR, ttf-pt-root_uiAUR, ttf-xo-fontsAUR, noto-fonts-liteAUR, ttf-paratypeAUR, ttf-plemoljp-binAUR, ttf-dejavu-emojilessAUR, noto-fonts-variable-liteAUR, ttf-lucida-fontsAUR, ttf-plemoljpAUR, ttf-juiseeAUR, ttf-ms-win10-autoAUR, ttf-karlaAUR, noto-fonts-latin-greek-cyrillicAUR, apple-fontsAUR, ttf-noto-sans-vfAUR, ttf-noto-serif-vfAUR, ttf-noto-sans-mono-vfAUR, ttf-ms-win11AUR, ttf-ms-win11-japaneseAUR, ttf-ms-win11-koreanAUR, ttf-ms-win11-seaAUR, ttf-ms-win11-thaiAUR, ttf-ms-win11-zh_cnAUR, ttf-ms-win11-zh_twAUR, ttf-ms-win11-otherAUR, ttf-ms-win11-autoAUR, gnu-free-fonts, noto-fonts, ttf-bitstream-vera, ttf-croscore, ttf-dejavu, ttf-droid, ttf-ibm-plex, ttf-input, ttf-input-nerd, ttf-liberation)
- cups (cups-gitAUR, cups-gssapiAUR) (optional) – Printer support
- libgnome-keyring (optional) – Enable GNOME keyring support
- libnotify (libnotify-gitAUR) (optional) – Native notification support
Required by (10)
- brave-extension-bitwarden-git (requires brave) (optional)
- chromium-material-icons-for-github-bin (requires brave) (optional)
- chromium-vencord (requires brave) (optional)
- chromium-vencord-bin (requires brave) (optional)
- chromium-vencord-git (requires brave) (optional)
- ice-ssb-git (requires brave) (optional)
- mermaid-cli-brave (requires brave)
- mermaid-cli-brave (requires brave) (make)
- nfauthenticationkey (requires brave) (optional)
- profile-sync-daemon-brave (requires brave) (optional)
Sources (4)
alosarjos commented on 2021-08-05 20:47 (UTC)
alerque commented on 2021-08-05 12:02 (UTC)
@the-k Yes at this point I'm sticking to my original position. You can take it up on the aur-general list or something if you want to make a scene, but to consider yourself warned. @mixedCase already outlined some of the issues with your position. Yes, practically EVERY browser update these days include security fixes of various grades and people should be running the absolute latest where possible.
The checksum in this packaging is basically only protecting you from not noticing a corrupted download file. Since it's not being published and signed upstream when this gets bumped it's basically just a blind download by me or somebody else and we slap the checksum we got on it. This is true of most AUR packages. It's basically just the maintainer saying "this is the one that worked for me". If you think that is a safeguard against browser security issues then, respectfully, you're guilty of security theater. At best it tells you your browser downloads are only being MITMed by the same party mine are and not some nefarious clown at your ISP.
To you are anyone else that wants a new version sooner than we push a bump here, download this repo, edit the pkgver to the one you want, and makepkg -sif --skipinteg it.
zerophase commented on 2021-08-04 18:00 (UTC)
Isn't systemd-resolved not the default DNS setup? I thought the arch install has something else for getting DNS working. By the very definition of it not being default Arch wouldn't an Arch user* have enough skills to fix the problem themselves?
*Distros based on Arch are not supported by the AUR as a best practice. They have their own forums for these issues.
CReimer commented on 2021-08-04 17:07 (UTC)
@duhdugg: Tried it again on my computer at home. Same as on my office computer. Opening the print preview in 1.27.109 segfaults for me
duhdugg commented on 2021-08-04 14:33 (UTC)
leaving security to the user by default is a recipe for disaster
@the-k the AUR exists on the premise that the user has the necessary technical acumen to mitigate the risks of installing user-submitted packages. People using AUR helpers (and "friendly" derivatives) to upgrade packages without review is the much larger risk here.
That said, my argument could also be applied as a reason for bumping the version and telling the user to just reconfigure DNS (the user is just as capable of maintaining their system config for the packages they have installed). Either way, you decide whether to pull the latest changes from AUR and build your package from that. You are always free to fork the package or start your own repo. You may disagree with the maintainer's decision here, but he still doesn't owe you anything.
duhdugg commented on 2021-08-04 14:00 (UTC)
@CReimer no segfaults here on 1.27.109. here is my PKGBUILD
alosarjos commented on 2021-08-04 12:03 (UTC)
I can't believe how people has reacted to having a single -bin package that has no dependants outdated for a few days.
There is a new 1.27 release being due for today or tomorrow which should fix all this.
I still can't believe the behaviour that some package managers have to handle for their work during their free time.
I hope I could help a bit providing as much info as I could on the bug and it's resolution upstream. Thanks a lot to mixedCase and now alerque for their time and effort.
Hoping we can see this package on the community repo at some point too.
the-k commented on 2021-08-04 07:31 (UTC)
@alerque So, are you sticking to your original position or are you gonna take an action? I see some input from other users, yet nobody's really weighing on the security aspect and the fact that leaving security to the user by default is a recipe for disaster.
CReimer commented on 2021-08-04 06:15 (UTC)
I think there's another huge problem with the newer versions of Brave. Anyone else seeing segfaults in print preview?
warwickmm commented on 2021-08-04 02:39 (UTC) (edited on 2021-08-04 02:40 (UTC) by warwickmm)
The update to 1.27.108 is in the package history, so the following works for me (I'm using openresolv instead of systemd-resolved). No need to skip checksums.
$ git checkout 7339c3c && makepkg -sri
Many thanks to @mixedCase and @alerque for all their time and work.
Pinned Comments
alerque commented on 2021-11-27 03:11 (UTC)
@ant0n et all, lets keep the comments here about packaging issues, general Brave usage issues should go in another forum to not clutter up this comment space. I'm deleting comments that have no relation to packaging. Grey areas like crashes that could be blamed on Arch can stay until proven otherwise, but things like how to configure Brave to handle popups or site X or whatever just don't belong here. Thanks for understanding.